Home/ Questions/Q 5967885
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T20:00:32+00:00

Starting out with php, I have written a basic authentication script which prints out

  • 0

Starting out with php, I have written a basic authentication script which prints out a list of database on a mysql server if a userid (supplied by user) exists in the user table of “test” database.

The problem is that this script outputs database list even if the userid does not exist in the database. I am not sure what’s wrong with the script. pls look through the script and help me understand as to why the db list is being outputted even though the userid does not exist in the db. Here is the script:

<?php

if(isset($_POST['submitted']))
{
  $userid=$_POST['userid'];
  $userpassword=$_POST['userpassword'];
  $link_id=mysql_connect("localhost","root","pass");
  $result_db_list=mysql_list_dbs($link_id);
  mysql_select_db("test",$link_id);
  if(!($result_ptr=mysql_query("Select userid from user where Userid='$userid'",$link_id))) die ("Please enter correct userid");
     while($test=mysql_fetch_row($result_db_list))
      {
       echo $test[0]."<br>";
      } 

}
else
{
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Authentication Script</title>
<style type="text/css" >
  #header{
  padding-top:0px;
  margin:0px;
  background-color:#CCCCCC;
  }
  .container{
  width:950px;
  margin:0 auto;
  border:1px solid red;
  }
 .authbox {
 padding-top:100px;
 margin:0 auto;
 }
  #footer{
  background-color:#666666;
  color:white;
}
</style>
</head>

<body>
<div id="header">

<div class="container">

<form action="authentication script.php" method="post">
<div class="authbox">UserName: <input type="text" name="userid" /><br/>
Password: <input type="password" name="userpassword" /><br/>
<input type="hidden" name="submitted" value="true" />
<input type="submit" value="Submit" />
</div>
</form>


</div>

</div>

<div id="footer">
Copywright 2010 NT Technologies. 
</div>

</body>
</html>

<?php
}
?>

Thanks
rseni.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your script is full of errors. (I hope at least you have magic_quotes on otherwise you are in very big problem. Notice you should avoid anyway magic_quotes and use Prepared Statement)

    That’s happen because of

      if(!($result_ptr=mysql_query("Select userid from user where Userid='$userid'",$link_id))) 
     die ("Please enter correct userid");

    That’s query doesn’t return FALSE if it doesn’t select nothing.

    You should change it to:

    $result = mysql_query("SELECT COUNT(*) as countUser [etc]");
$r = mysql_fetch_assoc($result);
if ($r['countUser']==0) 
  die('Denied');
    • 0